Ssl Overview - 3Com MSR 50 Series Configuration Manual

104

SSL Overview

SSL C
ONFIGURATION
When configuring SSL, go to these sections for information you are interested in:
"SSL Overview" on page 1953
■
"SSL Configuration Task List" on page 1954
■
"Configuring an SSL Server Policy" on page 1954
■
"Configuring an SSL Client Policy" on page 1955
■
"Displaying and Maintaining SSL" on page 1955
■
"Troubleshooting SSL" on page 1956
■
Secure sockets layer (SSL) is a security protocol providing secure connection service
for TCP-based application layer protocols, for example, HTTP protocol. It is widely
used in E-business and online bank fields to provide secure data transmission over
the Internet.
SSL provides these security services:
Confidentiality: SSL encrypts data using a symmetric encryption algorithm and
■
the key generated during handshake phase.
Authentication: SSL supports authenticating both the server and the client
■
through certificates, with the authentication of the client being optional.
Reliability: SSL uses key-based message authentication code (MAC) to verify
■
message integrity.
As shown in Figure 573, the SSL protocol consists of two layers of protocols: the
SSL record protocol at the lower layer and the SSL handshake protocol, change
cipher spec protocol, and alert protocol at the upper layer.
Figure 573 SSL protocol stack
Application layer protocol (e.g. HTTP )
SSL handshake protocol
SSL handshake protocol: Responsible for establishing a session between a
■
client and the server. A session consists of a set of parameters such as the
session ID, peer certificate, cipher suite (including key exchange algorithm, data
encryption algorithm and MAC algorithm), compression algorithm, and master
SSL change cipher spec protocol
SSL record protocol
TCP
IP
SSL alert protocol